<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Enabling cipher suites for stronger encryption | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'ciphers.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ciphers.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ciphers.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/ciphers.html" rel="nofollow" target="_blank">../en/ciphers.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="encrypting-communications.html">Encrypting communications</a></span>
»
<span class="breadcrumb-node">Enabling cipher suites for stronger encryption</span>
</div>
<div class="navheader">
<span class="prev">
<a href="configuring-tls-docker.html">« Encrypting communications in an Elasticsearch Docker Container</a>
</span>
<span class="next">
<a href="ip-filtering.html">Restricting connections with IP filtering »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="ciphers"></a>Enabling cipher suites for stronger encryption<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/securing-communications/enabling-cipher-suites.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>The TLS and SSL protocols use a cipher suite that determines the strength of
encryption used to protect the data. You may want to increase the strength of
encryption used when using a Oracle JVM; the IcedTea OpenJDK ships without these
restrictions in place. This step is not required to successfully use encrypted
communication.</p>
<p>The <em>Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
Files</em> enable the use of additional cipher suites for Java in a separate JAR file
that you need to add to your Java installation. You can download this JAR file
from Oracle’s <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html" class="ulink" target="_top">download page</a>.
The <em>JCE Unlimited Strength Jurisdiction Policy Files`</em> are required for
encryption with key lengths greater than 128 bits, such as 256-bit AES encryption.</p>
<p>After installation, all cipher suites in the JCE are available for use but requires
configuration in order to use them. To enable the use of stronger cipher suites
with Elasticsearch security features, configure the
<a class="xref" href="security-settings.html#ssl-tls-settings" title="General TLS settings"><code class="literal">cipher_suites</code> parameter</a>.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>The <em>JCE Unlimited Strength Jurisdiction Policy Files</em> must be installed
      on all nodes in the cluster to establish an improved level of encryption
      strength.</p>
</div>
</div>
</div>
<div class="navfooter">
<span class="prev">
<a href="configuring-tls-docker.html">« Encrypting communications in an Elasticsearch Docker Container</a>
</span>
<span class="next">
<a href="ip-filtering.html">Restricting connections with IP filtering »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>